Help EFF Fight for Your Digital Rights!

Dear EFFector Readers,
In July of 2005, EFF turned 15 years old. In these 15 years
of fighting for your digital rights, EFF has always been on
the front lines, identifying threats before most people
understand how new technologies -- and the politics of
controlling them -- can impact freedom. This year, EFF has
continued to grow stronger and more effective. Here are a
few things we've accomplished this year:

1) We fought at the Supreme Court in the Grokster case to
protect innovators' right to create new tools. Even though
the Court sent the case back to trial, it firmly held the
line on the Betamax principle that protects technologies with
substantial noninfringing uses and denied Hollywood's quest
to control the standards for future technologies.

2) We sued Sony BMG for infecting its customers' computers
with digital rights management (DRM) software that increases
vulnerability to security threats and lets Sony track and
control listening behavior.

3) We cracked the code of tiny dots many popular laser
printers embed on printouts, exposing how they reveal the
serial number, time, and date of the printing.

4) We pushed for processes that would ensure transparency in
electronic voting machines, including verifiable paper trails
and systems that would enable real audits and recounts of
election results.

5) We created "EFF's Legal Guide for Bloggers" to educate
bloggers about libel law, copyright law, labor law, adult
material and political advocacy, including specific versions
aimed at student bloggers and those blogging from work.

6) We fought against the broadcast flag, a proposal that
would allow Hollywood design control over the next generation
of digital TV receivers. We were part of a lawsuit that
struck down the flag. We also created a toolkit and
sponsored "build-ins" to help people construct flag-free,
open source digital television recorders.

7) We launched the "EFF Patent Busting Project" and
identified the worst patents affecting free speech on the
Internet. We are about to file several "re-examination
requests" with the US Patent and Trademark Office (USPTO)
asking it to revoke these overreaching patents.

8) We successfully opposed the DOJ in numerous jurisdictions
when they requested permission to track cell phone users
without showing the court probable cause of wrongdoing.

9) We've helped win several cases defending the First
Amendment-protected right to anonymous speech in the digital
age and supported technologies that enhance anonymity,
including Tor.

10) We educated the public on the dangerous ubiquity of
surveillance by exposing invasive tracking by data miners,
national ID schemes, RFIDs, and biometrics.

11) We fought to prove that online journalists deserve the
same legal protections for newsgathering as offline
journalists.

12) We fought for the right to reverse engineer a product to
make new interoperable technology. We were there when Lexmark
sued over refilling printer cartridges, when Chamberlain sued
over garage door openers, and when Blizzard threatened the
open-source BNETD emulator.

13) We were on the front lines during last November's
national elections, with an elite squad of attorneys
specially trained in the problems arising from electronic
voting machines increasingly used throughout the country.

14) We created a comprehensive privacy curriculum to educate
activists and the nonprofit community about the law and
technology of government surveillance.

15) We brought suit on behalf of Indymedia and established
that the federal anti-terrorism laws do not trump the First
Amendment.

And this is the short list! For more information about the
Electronic Frontier Foundation and the work that we do, visit
http://www.eff.org and http://www.eff.org/legal/victories .

EFF receives about 2/3 of our funding from individual donors
like you. We need your support to continue our important
work. Please take a minute right now to follow the link
below and make a financial contribution to our cause. We
sincerely appreciate your support.

Security Questions Remain in New Sony BMG Security Patch

Previous Patch for SunnComm MediaMax Had Separate
Vulnerability

Sony BMG released a second patch on Thursday to correct the
security vulnerability in its compact discs released with
SunnComm MediaMax software Version 5 -- a flaw that affects
millions of CDs in the U.S. and Canada. The first patch,
released earlier this week, had a flaw of its own that was
discovered Wednesday by researchers Ed Felton and Alex
Halderman. Security researchers are reviewing the new patch.

Sony has been under fire for using two software technologies
-- SunnComm MediaMax and First4Internet's Extended Copy
Protection (also known as XCP) -- which Sony BMG claims to
have placed on the music CDs to restrict consumer use of the
music on the CDs. However, by including the flawed and
overreaching programs in millions of music CDs sold to the
public, Sony BMG has created serious security, privacy and
consumer protection problems.

The vulnerability in SunnComm MediaMax version 5 was
initially discovered by security firm iSEC Partners after EFF
requested an examination of the software. The flaw defeats
Windows' security measures and allows malicious programs,
such as viruses and trojans, to take control of users'
computers.

EFF, along with the law firms of Green Welling, LLP, and
Lerach, Coughlin, Stoia, Geller, Rudman and Robbins, LLP, and
the Law Offices of Lawrence Feldman, filed a class action
lawsuit last month against Sony BMG that included claims
arising from SunnComm CDs as well as those using
First4Internet XCP software.

North Carolina Sued for Illegally Certifying Voting
Equipment

Raleigh, North Carolina - The Electronic Frontier
Foundation (EFF) on Thursday filed a complaint against the
North Carolina Board of Elections and the North Carolina
Office of Information Technology Services on behalf of
voting integrity advocate Joyce McCloy, asking that the
Superior Court void the recent illegal certification of
three electronic voting systems.

North Carolina law requires the Board of Elections to
rigorously review all voting system code "prior to
certification." Ignoring this requirement, the Board of
Elections on December 1st certified voting systems offered
by Diebold Election Systems, Sequoia Voting Systems, and
Election Systems and Software without having first obtained
let alone reviewed the system code.

"This is about the rule of law," said EFF Staff Attorney
Matt Zimmerman. "The Board of Elections has simply ignored
its mandatory obligations under North Carolina election
law. This statute was enacted to require election
officials to investigate the quality and security of voting
systems before approval and only approve those that are
safe and secure. By certifying without a full review of
all relevant code, the Board of Elections has now opened
the door for North Carolina counties to purchase untested
and potentially insecure voting equipment."

North Carolina experienced one of the most serious
malfunctions of e-voting systems in the 2004 presidential
election when over 4,500 ballots were lost in a voting
system provided by e-voting vendor UniLect Corp.
Electronic voting systems across the country have come
under fire during the past several years as unexplained
malfunctions combined with efforts by vendors to protect
their proprietary systems from meaningful review have left
voters with serious questions about the integrity of the
voting process.

"North Carolina voters deserve to have their election laws
enforced," said co-counsel Don Beskind of the Raleigh law
firm of Twiggs, Beskind, Strickland & Rabenau, P.A.
"Election transparency is a requirement, not an option.
The General Assembly passed this law unanimously, and it is
now time for the Board of Elections to meet their
obligations."

On behalf of McCloy, EFF and Beskind intervened in and
convinced a judge to dismiss a separate lawsuit filed
last month by Diebold, which sought to be exempted from the
state's transparency laws. Diebold represented to the
court that it would be "unable" to comply with the code
escrow requirement of the statute. Inexplicably, the Board
of Elections certified Diebold despite its admitted
inability to comply with the law.

A hearing in McCloy's case against the Board of Elections
is set for Wednesday, December 14. EFF and Beskind have
asked the Court for a temporary restraining order
preventing North Carolina's 100 counties from purchasing
any of the recently certified systems unless and until the
Board of Elections complies with its statutory obligations.

Government Still Pushing for Cell Phone Tracking Without
Probable Cause

EFF Urges New York Judge to Reject Latest Surveillance
Request

New York - The Electronic Frontier Foundation (EFF) has
asked a federal magistrate judge in New York City to reject
a Department of Justice (DOJ) request to track a cell phone
user without first showing probable cause of a crime. In a
brief filed in New York on Tuesday, EFF and the Federal
Defenders of New York argue that no law authorizes the
government's request, and that granting the order would
threaten Americans' Fourth Amendment right against
unreasonable searches.

This latest briefing comes after a decision last week in
Maryland denying a similar order, which combined with two
recent denials published by federal courts in New York and
Texas, represents an unprecedented judicial rebuke to the
DOJ's surveillance practices. The DOJ's apparently routine
practice of asking for and receiving cell-tracking orders
without probable cause only recently came to light as a
result of these newly published decisions; typically, such
requests are made and granted in secret, without any public
accounting.

"Even though three federal courts have now completely
rejected the Justice Department's arguments for tracking a
cell phone without probable cause, it is still asking other
judges for these plainly illegal surveillance orders," said
Kevin Bankston, EFF Staff Attorney. "How many public
denials is it going to take before the Justice Department
either stops seeking such orders altogether, or is willing
to appeal one of these decisions and subject its baseless
arguments to scrutiny by higher courts?"

The DOJ, despite claims that its cell phone tracking
requests are routine, necessary, and perfectly legal, has
so far chosen not to appeal any of the recent decisions.

The European Parliament is set to vote for mandatory data
retention on December 14. If you're in Europe, please call
(not email) your MEP before December 13, and ask him or her
to support MEP Charlotte Cederschiöld's amendment to
reinstate reimbursement for industry and save consumers from
having to bear the costs of this overbroad regime. More info
at EDRi:

French March Toward Worse EUCD Laws Ever
Still difficult to make out the details of the French
equivalent of the DMCA, but there do appear to be some really
terrible ideas fighting to be included.
http://eucd.info/index.php?English-readers

RIAA vs One More Person
An Oklahoma woman is the next to stand up against the RIAA's
lawsuits, claiming she didn't even have a working computer
when the RIAA says she was infringing.
http://www.eff.org/cgi/tiny?urlID=544

Reproduction of this publication in electronic media is
encouraged. Signed articles do not necessarily represent the
views of EFF. To reproduce signed articles individually,
please contact the authors for their express permission.
Press releases and EFF announcements & articles may be
reproduced individually at will.